A Pox On Spam

That curse probably won't work, but there are things that can be
done to significantly reduce the quantity of spam, or unwanted
commercial Email, that collects in a mailbox. SPAM is an
idiom for unsolicited and unwanted commercial Email. The US
Congress has made ineffective stabs at controlling spam, but it
hasn't worked. Few spammers are scrupulous enough to follow all the
rules because it makes their messages so easy to eliminate. Their
business is to bombard you with often dubious offers. Anything that
gets in the way of that business needs to be worked around or
ignored.

Spammers will often declare that their messages are not spam at
all by some obscure definition. For the purposes of this page, a
spam message is ANY commercial message that is unsolicited.

Spammers come in four flavors. Each has a role to play in
putting a spam in your mailbox.

The Advertiser. This is the one who wants to get his
message out. He will often pay somebody to do it for him. He
recognizes that his success rate will be very low, but if a message
goes out millions of times, he might get some bites.

The Bulk Mailer. This is the SOB that actually sends you
the message. The advertiser pays a bulk mailer to send the message
far and wide. An advertiser may contract with several bulk mailers
to send the message at the same time so that you might get several
copies of the message from different bulk mailers. The bulk mailer
doesn't care if his message is well received because he gets paid
just to send it out to as many addresses as he can.

The Mailing List Compiler. This is the guy who collects
Email addresses and compiles them into a list. This list is then sold
to bulk mailers and sometimes, lists are offered in spam messages
directly. There has been an offer going around for a CD that
contains millions of Email addresses. The list compiler just collects
addresses. He doesn't care if the addresses are any good, or if the
recipient even wants his Email address on the list. The more
addresses he provides, the more he gets paid.

The ISP. A bulk mailer needs an ISP (Internet Service
Provider) to send his mail. Many ISP's do not tolerate spam
originating from their servers and actively seek out the spammers
and shut them down. Other ISP's, mainly foreign ones, allow the
bulk mailers to operate on their servers because they get paid to
offer that service.

As can be inferred from the interests of the main players, there
is no financial incentive to limit the distribution of spam just to
people that actually want it. Since it costs virtually nothing to
send the messages, the wider it gets distributed, the better for
the spammers. Little things like laws and regulations shouldn't
stand in the way. Further, many spammers are offshore or use
addresses that are defined offshore and don't have to comply with
US law.

The way our email systems are set up, there is virtually no cost
to send a message. The costs are carried by the network companies
that have to transmit, store and forward the messages. The end
recipient has to spend time sorting through the garbage and
deleting it. If these guys had to pay for what they do, the
quantity of spam would drop dramatically. But then, everybody would
probably be billed for sending mail and that wouldn't go over well
either.

Spammers change their own Email addresses more often than most
of us change our underwear. They may only keep an address long
enough to blast out a hundred thousand messages or so and then
start up with a new address. They have to have their ISP's
cooperation to do this. Any address that looks like somebody rolled
their fingers across the keyboard is virtually guaranteed to be a
spammer. Addresses with a large number following a name, such as
superman6724, are also likely to belong to a spammer.

Some spammers also forge their message headers to look like
their message came from somebody else. Anybody who is willing to do
this doesn't want to be found and obviously cannot be trusted.
Forging message headers is blatantly illegal in the US but it
happens all the time because virtually nobody gets caught.

There are several things that you SHOULD DO and things
that you SHOULD NOT do in dealing with spam. Since there is
no real way to tell how scrupulous any given spammer is, you should
assume that ALL spammers are dirtbags or worse and treat
them as such.

DO NOT REPLY to any spam message, even if the message
offers to take you off the distribution list. You do not know who
you are dealing with and if the spammer is a mailing list compiler,
you have just confirmed that your Email address is a real live
address. In any event, the spammer will figure that a large
percentage of his messages will get bounced due to bad email
addresses and few will look at the returns unless they are
compiling more lists. Flaming them by return Email won't do much
good either; most won't care how you feel.

DO NOT OPEN ANY ENCLOSURES in a message that looks funny,
even if it came from somebody that you know. Some really mean
viruses and trojan horses have been distributed this way and they
will usually be automatically forwarded to you from somebody
that you know when THEY got infected.

DO NOT CLICK ON ANY LINKS IN THE MESSAGE. Clicking on a
link will take you somewhere you probably don't want to go. You
might be redirected to other sites as well. I was foolish enough to
click on a link one time just to see what it did and I got
redirected to dozens of porn sites faster than I could close the
windows. After that, I got a flood of porn spam that took months to
die out.

DO REPORT SPAM to all reputable ISP's if the spam appears
to originate from such an ISP. Most major ISP's will take action if
the spam actually came from their site. Often all they can do is
shut off the offending spammer's account, but he's probably gone
anyway and is using a new address. When you report a spam, forward
the message WITH FULL HEADERS to abuse@theispname. This will
usually get the message through. Be sure to include the full header
information; there is probably an option somewhere in your Email
software to display full headers. Without this information, the ISP
cannot trace the message.

DO USE A SPAM FILTER. Many ISP's and Email packages have
spam filters. Some ISP's compile their own lists of reported
spammers and filter incoming mail for you so that you will not get
bombed by that particular spammer again. This doesn't work too well
when the spammer has changed his address, but it is a start. You
can often compile your own list of spam filters. See the next
section for some suggestions as to how to define filters.

Spam filters are rules that you can define in your Email
software to automatically handle messages. The rules can usually
apply to all or part of the message title or sender. There are
often other filters that can be defined, but just dealing with the
subject, sender name, ISP name or domain is sufficient. Filtered
messages can be immediately trashed or routed into some folder for
later examination. The more draconian that you make your filters,
the more that you should route the filtered messages to a folder
for scanning at some infrequent interval. Occasionally a desired
message will fit a filter and get identified as spam. Sometimes you
just have to scan down the list to pick out the ones that were
misidentified but at least you don't have to do this every day.

A spam filter list is a living list. As you get new spam, look
at the title, sender, ISP and domain to see if any part of it would
make a good filter and then add it to your filter list. A hundred
or so items is very effective in filtering most spam.

Addresses. Since most spammers change their Email address
so often, filtering on the names is usually less than effective.
However, there seem to be some names that pop up over and over.

ISP names. There are ISP's that seem to tolerate spammers
and these can be filtered. Hotmail, excite.com and others seem to
gush spam.

Domain names. Entire domains can also be filtered. I have
found that any address that ends in .xx is usually spam. These are
new domains created for foreign countries and since I get little
mail from overseas (except .uk, .cn and .au) filtering on these
domains is very effective. Spammers go to ISP's in those domains to
get around US law. The spammers themselves can be anywhere in the
world.

Titles. Another effective filtering technique is to
filter keywords and phrases in the message title. It's not too often
that I get a message with "insurance", "sex" or "credit" in its
title that I actually wanted.
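
The four filter categories above, applied in order to a message's headers, as an added example that is not part of the original page. The rule values, folder names and sample messages are constructed for illustration; only the provider names, the excepted country domains and the title keywords come from the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed rules, one set per filter category described above. The values
# are illustrations, not the author's own filter table.
BLOCKED_SENDERS = {"offers@bulk-mailer.example"}
BLOCKED_PROVIDERS = {"hotmail.com", "excite.com"}
ALLOWED_COUNTRY_TLDS = {"uk", "cn", "au"}   # two-letter domains still accepted
TITLE_WORDS = re.compile(r"\b(insurance|sex|credit)\b", re.IGNORECASE)

def classify(raw_message):
    """Return (folder, reason). Matches go to a review folder, never the trash."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    tld = domain.rpartition(".")[2]

    if address in BLOCKED_SENDERS:
        return "Spam-Review", "sender address"
    if domain in BLOCKED_PROVIDERS:
        return "Spam-Review", "ISP name"
    if len(tld) == 2 and tld.isalpha() and tld not in ALLOWED_COUNTRY_TLDS:
        return "Spam-Review", "country domain"
    # Whole-word match: a plain substring test for "sex" would also catch
    # wanted mail such as "Essex meeting notes".
    hit = TITLE_WORDS.search(msg.get("Subject", ""))
    if hit:
        return "Spam-Review", "title word: " + hit.group(0).lower()
    return "Inbox", "no rule matched"

# Constructed sample messages; ".zz" stands in for an unwanted country domain.
SAMPLES = {
    "provider": "From: Big Winner <superman6724@hotmail.com>\nSubject: hello\n\nbody\n",
    "country": "From: info@shop.example.zz\nSubject: hello\n\nbody\n",
    "title": "From: agent@broker.example.com\nSubject: Cheap INSURANCE quotes\n\nbody\n",
    "wanted": "From: pal@club.example.co.uk\nSubject: Essex meeting notes\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Because the sender line can be forged, the address, ISP and domain rules only describe what the message claims; routing matches to a review folder keeps a misidentified message recoverable.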

The following table is a list of some of the filters that I have
found to be especially effective. Depending on the kind of spam
that you receive, you may find that the table needs to be tightened
or loosened. Spam that gets through indicates that you ought to add
something. If too much desired mail gets filtered, then you might
need to loosen up your criteria somewhat.